Bug #5373 Handler
Submitted: 2 Sep 2004 17:22 Modified: 10 Jun 2005 17:31
Reporter: Andres Castiglia
Status: Closed
Category: MySQL Server: InnoDB storage engine    Severity: S2 (Serious)
Version: mysql-4.0.20d-win    OS: Microsoft Windows (Win2k SP4)
Assigned to: Sergei Golubchik    CPU Architecture: Any

[2 Sep 2004 17:22] Andres Castiglia
Using "HANDLER tbl_name READ index_name NEXT" without "HANDLER tbl_name READ index_name = (value1,value2,...)" crashes the service.

How to repeat:
-- Ok --
HANDLER tbl_name OPEN [ AS alias ]
HANDLER tbl_name READ index_name = (value1,value2,...)
HANDLER tbl_name READ index_name NEXT

-- Crashes the service --
HANDLER tbl_name OPEN [ AS alias ]
//HANDLER tbl_name READ index_name = (value1,value2,...) // <-- without this line
HANDLER tbl_name READ index_name NEXT // <-- this crashes the service

Suggested fix:
I believe that it would have to return an error.
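The two command sequences from the report, modelled as an added example (not MySQL's code and not part of this bug report): a toy HANDLER cursor in C whose READ ... NEXT refuses to run until READ ... = (...) has positioned it, instead of walking a structure that was never built. The sample rows, the function names and the error codes are assumptions for illustration.

```c
/* Added example (not MySQL code): toy HANDLER cursor; rows, names and error
 * codes are constructed.  READ NEXT checks that READ = (...) positioned it. */
#include <stddef.h>
#include <string.h>
enum { HND_OK = 0, HND_NOT_OPEN, HND_NOT_POSITIONED, HND_KEY_NOT_FOUND, HND_EOF };
typedef struct { int id; const char *first_name; } row_t;
/* Constructed sample rows in first_name order, i.e. the index order. */
static const row_t TABLE[] = { { 3, "alice" }, { 1, "bob" }, { 2, "carol" } };
#define NROWS ((int)(sizeof TABLE / sizeof TABLE[0]))
typedef struct {
    int is_open;
    const row_t *sel_graph;  /* stand-in for the structure the crash dereferenced: NULL until READ = */
    int pos;                 /* index position once positioned */
} handler_t;

void handler_open(handler_t *h) { h->is_open = 1; h->sel_graph = NULL; h->pos = -1; }

/* HANDLER a READ first_name = (key): builds the structure and positions the cursor. */
int handler_read_key(handler_t *h, const char *key, const row_t **out) {
    if (!h->is_open) return HND_NOT_OPEN;
    for (int i = 0; i < NROWS; i++)
        if (strcmp(TABLE[i].first_name, key) == 0) {
            h->pos = i; h->sel_graph = *out = &TABLE[i];
            return HND_OK;
        }
    return HND_KEY_NOT_FOUND;
}

/* HANDLER a READ first_name NEXT: the positioned check is what the report lacked. */
int handler_read_next(handler_t *h, const row_t **out) {
    if (!h->is_open) return HND_NOT_OPEN;
    if (h->sel_graph == NULL) return HND_NOT_POSITIONED;  /* error instead of NULL deref */
    if (h->pos + 1 >= NROWS) return HND_EOF;
    h->pos++; h->sel_graph = *out = &TABLE[h->pos];
    return HND_OK;
}

/* Replays the report's two sequences; returns 1 when both behave as they should. */
int replay_report(void) {
    handler_t h; const row_t *r = NULL;
    handler_open(&h);
    if (handler_read_next(&h, &r) != HND_NOT_POSITIONED) return 0;  /* the crashing one */
    if (handler_read_key(&h, "bob", &r) != HND_OK || r->id != 1) return 0;
    if (handler_read_next(&h, &r) != HND_OK || r->id != 2) return 0;
    return handler_read_next(&h, &r) == HND_EOF;                     /* nothing after carol */
}
```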
[2 Sep 2004 17:51] Victoria Reznichenko
Verified with the latest BK 4.0 tree.

create table innhandler(id int primary key,
first_name varchar(10),
last_name varchar(10),

insert into innhandler values

HANDLER innhandler OPEN as a;
HANDLER a READ first_name NEXT;

(gdb) bt
#0  que_fork_get_first_thr (fork=0x0) at ../../innobase/que/../include/que0que.ic:32
#1  0x0823e15c in row_search_for_mysql (buf=0x8a2e558 "ü\001", mode=0, prebuilt=0x41196a68, match_mode=0,
    direction=1) at row0sel.c:2988
#2  0x08168994 in ha_innobase::general_fetch (this=0x8a2e470, buf=0x8a2e558 "ü\001", direction=1, match_mode=0)
    at ha_innodb.cc:2940
#3  0x08168a55 in ha_innobase::index_next (this=0x8a2e470, buf=0x8a2e558 "ü\001") at ha_innodb.cc:2976
#4  0x080bad6a in mysql_ha_read (thd=0x8a232e0, tables=0x8a33c98, mode=RNEXT, keyname=0x8a33ce8 "first_name",
    key_expr=0x8a33d08, ha_rkey_mode=HA_READ_KEY_EXACT, cond=0x0, select_limit=1, offset_limit=0)
    at sql_handler.cc:277
#5  0x08106f0f in mysql_execute_command () at sql_parse.cc:2535
#6  0x08107d0c in mysql_parse (thd=0x8a232e0, inBuf=0x8a33c48 "HANDLER a READ first_name NEXT", length=30)
    at sql_parse.cc:3001
#7  0x0810320c in dispatch_command (command=COM_QUERY, thd=0x8a232e0, packet=0x8a2fbe9 "", packet_length=31)
    at sql_parse.cc:1083
#8  0x08102c6f in do_command (thd=0x8a232e0) at sql_parse.cc:953
#9  0x0810234e in handle_one_connection (arg=0x8a232e0) at sql_parse.cc:737
#10 0x4016314b in pthread_start_thread () from /lib/libpthread.so.0
#11 0x401631df in pthread_start_thread_event () from /lib/libpthread.so.0
#12 0x402df50a in clone () from /lib/libc.so.6
[27 Oct 2004 13:40] Heikki Tuuri
Is the command sequence correct for HANDLER at all?

[27 Oct 2004 14:43] Andres Castiglia
Obviously the command sequence is incorrect, but it must not crash the service.
[6 Dec 2004 20:19] Sergei Golubchik
Heikki, I would prefer to have it fixed in the InnoDB (or rather in ha_innodb.cc).

Fixing it in the HANDLER command is rather easy in 4.1, but I would rather not backport these changes to 4.0. Fixing it in ha_innodb requires fewer code changes in the stable branch.
[7 May 2005 10:50] David Axmark
Monty wanted this as P1 since it can crash the server.
[7 Jun 2005 20:42] Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:

[8 Jun 2005 15:22] Sergei Golubchik
Fixed in 4.1.13, 5.0.7
[10 Jun 2005 17:31] Paul Dubois
Noted in 4.1.13, 5.0.7 changelogs.